Ubiquitous and permanently connected to the internet, smartphones are here to stay. As devices that talk to everything all of the time, they access corporate data more easily whilst boundaries to the company network blur or even disappear.

Imagine: Joe from Accounts procures his new iPhone as part of his renewed contract and one of the first things he does after restoring the backup of his data from his old phone is to connect it up to the company network to get his work email on his device. What happens to his old phone? The one that probably doesn’t have a strong password on it, is not encrypted and no longer in the direct control/possession of Joe. Did Joe wipe it, or think to remove his work email and documents, or did he perhaps just leave it in a drawer somewhere, or worse still sell it on eBay? It is these kinds of everyday situations that widen the exposure of the company and which could lead to a data security breach.

45% of UK businesses surveyed confirm that Bring Your Own Device (BYOD) is permitted in the organisation, presenting major risk for a Cyber Security breach via a device that does not employ centrally enforced controls.

Many organisations simply don’t understand or acknowledge the dangers associated with personal devices: the scenario of Joe from accounts is one example of a breach that could go undetected. Mobile malware is another. Vulnerable, unpatched Android devices another.

It is outdated thinking to continue to allow corporate data on employee-owned smartphones without some form of Mobile Device Management (MDM) in place. Employers need to explain the risks with BYOD and give employees the tools and processes to manage them. Failure to do this would not be excusable in the event of a data security breach.